Dr. Nigel Edwards

You won't notice it.

The foundation of confidential computing is something called a trusted execution environment.

When a trusted execution environment starts, the process enters a special state and measures that.

That measurement is signed by a private key that's known only to the processor.

That private key is certified by the vendor, and that measurement can be made available by the trusted execution environment

to an external entity, enabling them to do two things.

One is that very certification, silicon certification, gives you an assurance that that trusted execution environment is protected.

It's protected by data encryption and it's protected from system administrators manipulating the memory to compromise the workload.

The second thing it gives you is a measurement.

So that measurement can be passed to a service to verify that against an expected measurement.

So you know that actually that trusted execution environment is running the expected code.

then the paradigm would be to provide that trusted execution environment with a key from which it could load that data into memory, decrypt it and start to process it.

So for example, load the database into memory, decrypt the database and start processing the data on it.

Load the data and the AI model into memory, decrypt those and start using it.

Thank you.

The fundamental encryption algorithm that's used in confidential computing is AES.

So AES-256 is actually the standard algorithm that the American National Institute of Standards and Technology are advising and recommending for security against the quantum computer.

Today they are using algorithms which are thought to be vulnerable to a quantum computer, ECDSA, RSA.

Those need to be changed to the newer PQC algorithms, in particular MLDSA.

So future versions of silicon will switch to using MLDSA instead of RSA or ECDSA to sign measurements of trusted execution environments.